List of Portable Hardware Devices for Penetration Testing

Posted: 2 years ago by @pentestit14323 viewsUpdated: February 24, 2018 at 4:10 am

All of us at some point or the other think of a possibility of “remoting” a penetration test. Five years ago, you would have to engineer something like this for to suit your own requirements. However now, there are commercial tools already available that help you do that and much more. This is an attempt to do just that – compile a list of portable hardware devices for penetration testing, which you can plug into the “targeted” network and run your tests from elsewhere. Some of them are commercial and the rest are open source. I had done a list like this on the older PenTestIT blog. Since, that was lost and some of the devices are no longer available.

List of Portable Hardware Devices for Penetration Testing:

Raspberry Pi/BeagleBone Black/Hardkernel ODROID: I am a bit biased towards the Raspberry Pi model 3 as it has the hardware required to be a good tool. You do not need a WiFi dongle, or even a bluetooth chip. Just plug it in, install a good OS like the Kali Linux and you are done! These come pretty cheap and are pretty low profile. They run an awesome Quad Core 1.2GHz Broadcom BCM2837 64bit CPU with 1GB RAM and the BCM43438 wireless LAN and Bluetooth Low Energy (BLE) on board. You can even use them for other purposes such as I have listed in the list of Raspberry Pi DIY Projects for anonymity. Order them online at Amazon or the official store here, here and here. If you want to be extra stealthy, get their RASPBERRY PI ZERO W which offers a single-board computer with wireless and Bluetooth connectivity. An awesome article by the guys at BlackHills Information Security detailing their drop box can be found here.

VIA ARTiGO A900: I do not know how many of you have heard about this, but they are pretty cool too. These devices run a decent 1.0GHz VIA Elite E1000 Cortex-A9 dual-core SoC along with 2GB DDR3 of onboard SDRAM. It has a Realtek RTL8111G PCIe Gigabit Ethernet controller, and no wireless access. More information about the ARTiGO A900 can be found here.

MiniPwner: The MiniPwner is a penetration testing “drop box”. It is designed as a small, simple but powerful device that can be inconspicuously plugged into a network and provide the penetration tester remote access to that network. It runs a portable TP-Link MR3040 running OpenWRT with a 2000 mAh built-in battery. Multiple penetration testing tools such as aircrack-ng, elinks, ettercap-ng, karma, kismet, nbtscan, netcat, nmap, openvpn, perl 5, samba client, snort, tar, tcpdump, tmux, yafc, and wget all come pre-installed. Two versions are available: MiniPwner Community Edition and a pre-built setup from the HackerWarehouse.

DreamPlug/SmilePlug/GuruPlug/SheevaPlug: These come from GlobalScale Technologies and are plug computing devices that run network-based software services. These make a worthy addition to the list of portable hardware devices for penetration testing. Get them here.

#r00tabaga: The Ace r00tabaga is similar to the MiniPwner, but has some more features. It can be used as a penetration testing drop box or even as a Hot-Spot honeypot, inconspicuously intercepting WiFi probe requests from every target device. #r00tabaga also runs the running OpenWRT platform with a 2000 mAh built-in battery. This is un-available for order as of now, but sure is a good addition to the list of portable hardware devices for penetration testing. Get it here.

PWN PLUG R3/PWN PLUG R4: If you are lazy and want a fully customized solution for your needs, and you have the money, get these from the guys are Pwnie Express. These are the standard penetration testing devices in a portable form factor with onboard high-gain 802.11a/b/g/n/ac wireless antenna and Bluetooth. These also run Kali Linux and run over 100 OSS-based penetration testing tools including Metasploit, SET, Kismet, Aircrack-NG, SSLstrip, Nmap, Hydra, W3af, Scapy, Ettercap, Bluetooth/VoIP/IPv6 tools! Get them here.

That’s all from me for now. This list is arranged with no preference to any make or model. I will keep on updating this list of portable hardware devices for penetration testing as I find more devices. If you know of any, let me know.

Featured Post

Three days ago, an updated version – Sysdig Falco v0.15.0 – was released. It has been some time since I last blogged about this open source behavorial activity monitor which has container support. This release incorporates a lot of rule updates that are now also tagged the for MITRE ATT&CK Framework and patches CVE-2019-8339, a medium severity vulnerability.Read more about UPDATE: Sysdig Falco v0.15.0